Here are answers to frequently asked questions about the CTF event.
- What is the CTF?
- Who is this designed for, and how much will this cost?
- When is the event?
- How do I access the event?
- How do I participate in the event?
- Which boxes should I hack at the 200 LVL?
- Which boxes should I hack at the 300 LVL?
- What time will the boxes be released?
- How do I submit my details?
- What are the prizes?
- How will the prizes be administered?
- Are prizes transferable?
- Can we play as a team?
- Can I enter a challenge if I already have a certificate?
- Can I play in both 200 and 300 LVL challenges?
- Can previous winners compete in this challenge?
- Rules
- Need more help?
What is the CTF?
Capture the flag (CTF) is an online challenge in which "flags" are secretly hidden in purposefully vulnerable machines on PG Practice for educational and competitive purposes.
Who is this designed for, and how much will this cost?
OffSec presents Capture the flag for pentesters.
Access to the event is open to anyone with access to PG Practice, such as Learn One, Learn Unlimited, Learn Enterprise, or PG Practice subscribers.
When is the event?
The event runs from Friday, December 15th, 2023 at 13:00 EDT to Monday, December 18th, 2023 at 13:00 EDT.
How do I access the event?
Enrolled PG Practice clients: go to https://www.offsec.com/labs/, click “Practice”, and select the machines to compete.
To sign up for PG Practice: go to https://portal.offsec.com/sign-up/pg, then click “Practice” and select the machines to compete.
How do I participate in the event?
After joining PG Practice, players must perform one of the following:
- Hack seven boxes for the PEN-200 to find all pieces of the puzzle.
- Hack one machine for the PEN-300 to find all pieces of the puzzle.
- Hack one machine for the EXP-301 to find all pieces of the puzzle.
Which boxes should I hack at the 200 LVL?
If you compete at 200 LVL you must hack the following boxes:
CTF-200-01, CTF-200-02, CTF-200-03, CTF-200-04, CTF-200-05, CTF-200-06, and CTF-200-07.
Which boxes should I hack at the 300 LVL?
If you compete at 300 LVL for the PEN-300 you must hack the CTF-300-01.
If you compete at 300 LVL for the EXP-301 you must hack the CTF-300-02.
What time will the boxes be released?
- Machine release schedule for 200 LVL:
  - CTF-200-01 releases on Friday, December 15th, 2023 at 1 pm EDT
  - CTF-200-02 releases on Friday, December 15th, 2023 at 1 pm EDT
  - CTF-200-03 releases on Friday, December 15th, 2023 at 1 pm EDT
  - CTF-200-04 releases on Friday, December 15th, 2023 at 1 pm EDT
  - CTF-200-05 releases on Friday, December 15th, 2023 at 1 pm EDT
  - CTF-200-06 releases on Friday, December 15th, 2023 at 1 pm EDT
  - CTF-200-07 releases on Friday, December 15th, 2023 at 1 pm EDT
- Machine release schedule for 300 LVL:
  - CTF-300-01 releases on Friday, December 15th, 2023 at 2 pm EDT
  - CTF-300-02 releases on Friday, December 15th, 2023 at 2 pm EDT
Boxes will appear on the OffSec Platform at the time of release.
How do I submit my details?
200 LVL players must hack seven boxes, and 300 LVL players must hack one box to discover a hidden email address and send a message with the following details:
* Full name & Last name
* OS-ID
* Discord username
* PEN-200 LVL
* For 300 LVL players, please mention either EXP-301 or the PEN-300 challenge
* Detailed penetration test report on each of the machines that have been compromised.
What are the prizes?
PEN-300
- 1st prize: L1 for PEN-300
- 2nd prize: PEN-300 90-day course access
- 3rd prize: 3-month PG-Practice access
EXP-301
- 1st prize: L1 for EXP-301
- 2nd prize: EXP-301 90-day course access
- 3rd prize: 3-month PG-Practice access
PEN-200
- 1st prize: L1 for PEN-200
- 2nd prize: PEN-200 90-day course access
- 3rd prize: 3-month PG-Practice access
How will the prizes be administered?
The first three players to complete all boxes per category and send an email with their full name and OS-ID number win a prize for the selected LVL challenge.
- The first-place winner is determined by being the first to email.
- The second-place winner is determined by being the second to email, and the third-place winner by being the third to email.
Winners will be announced on social media and via email after the event. There will also be a leaderboard during the event that will be updated periodically with the results.
Are prizes transferable?
No. Prizes are only awarded to the player or players competing in the event. You may not transfer your prize to another player competing in the CTF or another member of the OffSec community.
Can we play as a team?
No. Only individuals over 18 years of age can participate in this event.
Can I enter a challenge if I already have a certificate?
No. The challenge categories are for individuals who have not enrolled, completed or attempted the certification for said category in the CTF event.
Can I play in both 200 and 300 LVL challenges?
No. Players must choose one challenge. If you compete in multiple categories you will not receive a prize for the second challenge.
Can previous winners compete in this challenge?
Yes, but no prizes will be awarded to category winners of previous OffSec CTF events. This means that if you came in first or second in any of the OffSec CTF events during the past year, you will not be eligible for a prize in that category.
You are more than welcome to attempt another category on the same skill set level.
What must the penetration test report contain?
Your penetration test report for this CTF event should comply with the exact same standards that our exam reports adhere to. Your report should include the following per machine:
* Detailed explanation of how the machine was compromised, in .pdf format
* Screenshots depicting the output of the following commands:
  * ifconfig / ipconfig
  * whoami
  * date
  * hostname
Please see the following link for a more comprehensive document on our report requirements: Pen-200 Reporting Requirements
Rules:
OffSec reserves the right to assess contestants' eligibility to receive allocated rewards.
Competitors must comply with the general terms and conditions as set out during registration on the OffSec Platform.
All OffSec platform account information provided when creating an account must be true and factually correct. Contestants are responsible for keeping their knowledge up-to-date, and keeping your account up-to-date and accurate will ensure your eligibility for the competition prizes. Winners will be required to submit a scanned copy of their government-issued ID as part of the eligibility evaluation.
OffSec will determine participation eligibility, declare winners (including but not limited to in the event of a tie), and award prizes in its sole and absolute discretion. You agree that such decisions are final and are not subject to review or reconsideration and that Teams are not entitled to be informed of other Teams' results.
OffSec has the right to request written solutions for several challenges before awarding prizes.
Need more help?
Support is available in the #ctf channel on the OffSec Discord Server during the CTF tournament.